Operator Requirements
Authentication
The VIP Connect API for operators is protected by HTTP JWT bearer token authentication. In order to authenticate to the VIP Connect API, operators have to generate a JWT with the following parameters:
Claim | Value |
---|---|
iss | The configured OperatorId |
aud | vip-api |
nbf | Standard JWT claim (RFC7519) |
exp | Standard JWT claim; recommend setting a very short expiry time (RFC7519) |
iat | Standard JWT claim (RFC7519) |
Sign the JWT using the HS256 algorithm and one of the Pavilion-provided keys, SecretKey1 or SecretKey2. These two secrets are base64 encoded.
For all HTTP requests, operators should send the JWT in the "Authorization" header using the "Bearer" scheme. The content of the header should reflect the following:
Authorization: Bearer token
JSON Web Token
The following JWT is for example purposes only; these example credentials will not work during integrations.
Parameter | Value |
---|---|
Issuer | da6f9fc7-077f-403e-8623-f8bbe2554075 |
Secret key (base64) | nXkCKjsV0U1G56poFTdi43iSfwjzVifcVmN9Artmbrs99MsxuBwPyGPNujE5uO03jUKdtLKuEvUgpu2IzTWvog== |
Audience | vip-api |
The example credentials above result in the following JWT:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2MzUyNjExNzUsImV4cCI6MTY2Njc5NzE3NSwiaWF0IjoxNjM1MjYxMTc1LCJpc3MiOiJkYTZmOWZjNy0wNzdmLTQwM2UtODYyMy1mOGJiZTI1NTQwNzUiLCJhdWQiOiJ2aXAtYXBpIn0.XwcWyt4hrlhh7QBXtWxkwVQuTnxWhoOQFn5zHPef4F8
This token can be decoded using tools such as https://jwt.io/ or https://jwt.ms. The header, payload and signature are included below. https://jwt.io can also be used to modify the payload and sign the token using the secret key. When doing so, ensure that the "secret base64 encoded" option is checked.
Tools such as jwt.io should only be used for development and debugging purposes. In a production environment JWTs should be generated at run time and have an expiration time of one hour or less to minimize replay attacks.
HEADER:
{
  "alg": "HS256",
  "typ": "JWT"
}
PAYLOAD:
{
  "nbf": 1635262033,
  "exp": 1635348433,
  "iat": 1635262033,
  "iss": "da6f9fc7-077f-403e-8623-f8bbe2554075",
  "aud": "vip-api"
}
SIGNATURE:
XwcWyt4hrlhh7QBXtWxkwVQuTnxWhoOQFn5zHPef4F8
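The following Python is an added example, not Pavilion's code: it generates the token described above at run time with only the standard library, using this page's example issuer and secret, and checks it locally before it is sent. The 300-second lifetime and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Example-only values copied from this page; they do not work against the real API.
EXAMPLE_ISS = "da6f9fc7-077f-403e-8623-f8bbe2554075"
EXAMPLE_SECRET_B64 = ("nXkCKjsV0U1G56poFTdi43iSfwjzVifcVmN9Artmbrs99Msx"
                      "uBwPyGPNujE5uO03jUKdtLKuEvUgpu2IzTWvog==")

def _b64url(data: bytes) -> str:
    # JWT segments are base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _sign(signing_input: str, secret_b64: str) -> str:
    # The HMAC key is the base64-DECODED secret, not the base64 text itself.
    key = base64.b64decode(secret_b64)
    return _b64url(hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest())

def make_vip_jwt(operator_id, secret_b64, ttl_seconds=300, now=None):
    """Build a short-lived HS256 token carrying the claims from the table."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"nbf": now, "exp": now + ttl_seconds, "iat": now,
              "iss": operator_id, "aud": "vip-api"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + _sign(signing_input, secret_b64)

def check_vip_jwt(token, secret_b64, now=None):
    """Local self-check before sending: returns the claims or raises ValueError."""
    now = int(time.time()) if now is None else int(now)
    signing_input, _, signature = token.rpartition(".")
    expected = _sign(signing_input, secret_b64)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise ValueError("signature mismatch (was the secret base64-decoded?)")
    body = signing_input.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != "vip-api" or not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("wrong audience or outside the nbf/exp window")
    return claims

def auth_header(token):
    # Header in the form the API expects: "Authorization: Bearer <token>".
    return {"Authorization": "Bearer " + token}
```

A token signed with the base64 text used directly as the key has the right shape but fails this check, which is the same mistake as leaving the "secret base64 encoded" option unchecked on jwt.io.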
To learn more about how to generate JWTs in various programming languages, refer to the following articles.
Plaid Configuration
Plaid allows end users to link their bank accounts to their VIP account by creating a secure connection between a user’s financial institution and the VIP Connect application. Pavilion will set up a sandbox for Plaid integration as required. For more information on Plaid setup, refer to Plaid's Quickstart resource.